Claims

1. A certification authority for generating certificates in response to respective certification requests,
the certification authority comprising: 

A. a computer that is bootable from a removable medium; and 

B. a removable medium comprising a machine readable medium having encoded thereon: 

i. an operating system module configured to enable the computer to boot from the 
removable medium; and 

ii. a certificate generation module configured to, after the computer has been booted, 
control the computer to facilitate the generation of at least one certificate in response 
to an associated certificate request, the certification authority module being 
configured to provide that the computer not be remotely controlled during a 
certificate generation session. 

2. A certification authority as defined in claim 1 in which said certification authority operates under 
control of an operator, the certificate generation module enabling the computer to display certificate 
request information associated with the certificate request to the operator and receive operator input 
information from an operator, the certificate generation module enabling the computer to use the 
input information from the operator in generating the at least one certificate. 

3. A certification authority as defined in claim 2 in which the operator input information includes 
operator authentication information, the certification generation module including an authentication 
module configured to enable the computer to receive the operator authentication information and
verify that the operator is authorized to control the certification authority. 

4. A certification authority as defined in claim 3 in which the certificate includes a digital signature
comprising a signature that is generated using a private encryption key, the certificate generation
module including 

A. an encrypted private key; 

B. a decryption module configured to enable the computer to use the operator authentication 
information to decrypt the encrypted private key thereby to obtain a private key; and 

C. a digital signature module configured to enable the computer to generate a digital signature 
from information in the at least one certificate using the private key. 

5. A certification authority as defined in claim 2 in which the certificate generation module further 
enables the operator to receive operator input information relating to information in the certificate 
request, the certificate generation module further including: 

A. a certification request information display module configured to enable the computer to 
display certification information to the operator; and 

B. a certification request edit module configured to enable the computer to receive cert request 
modification information from the operator and update information in the certificate request 
in response thereto. 

6. A certification authority as defined in claim 2 in which the certificate generation module further
includes a certification request approval module configured to enable the computer to receive operator
input information comprising a certificate request approval and generate the certificate request in 
response thereto. 

7. A certification authority as defined in claim 1 in which information in a certification request is in 
a predetermined format, the certificate generation module further including a certification request 
verification module configured to enable said computer to determine whether the information in the 
at least one certification request is in the predetermined format. 

8. A certification authority as defined in claim 1 in which the computer is connected to retrieve 
certification requests from a remote storage location, the certificate generation module further 
including a communication control module configured to enable the computer to retrieve 
certification requests from the remote storage location. 

9. A computer program product for use in connection with a computer to form a certification 
authority for generating certificates in response to respective certification requests, the computer 
being bootable from a removable medium, the computer program product comprising a removable 
medium in the form of a machine readable medium having encoded thereon: 

A. an operating system module configured to enable the computer to boot from the removable 
medium; and 

B. a certificate generation module configured to, after the computer has been booted, control 
the computer to facilitate the generation of at least one certificate in response to an associated 
certificate request, the certification authority module being configured to provide that the
computer not be remotely controlled during a certificate generation session. 

10. A computer program product as defined in claim 9 in which said certification authority operates
under control of an operator, the certificate generation module enabling the computer to display 
certification request information associated with the certification request to the operator and receive 
operator input information from an operator, the certificate generation module enabling the computer 
to use the input information from the operator in generating the at least one certificate. 

11. A computer program product as defined in claim 10 in which the operator input information 
includes operator authentication information, the certificate generation module including an 
authentication module configured to enable the computer to receive the operator authentication 
information and verify that the operator is authorized to control the certification authority. 

12. A computer program product as defined in claim 11 in which the certificate includes a signature
comprising a signature that is encrypted using a private encryption key, the certificate generation 
module including 

A. an encrypted private key; 

B. a decryption module configured to enable the computer to use the operator authentication 
information to decrypt the encrypted private key thereby to obtain a private key; and 

C. a digital signature module configured to enable the computer to generate a digital signature 
from information in the at least one certificate and encrypt the digital signature using the 
private key. 

13. A computer program product as defined in claim 10 in which the certificate generation module
further enables the operator to receive operator input information relating to information in the
certification request, the certificate generation module further including:

A. a certification request information display module configured to enable the computer to
display certification information to the operator; and

B. a certification request edit module configured to enable the computer to receive certification
request modification information from the operator and update information in the
certification request in response thereto.

14. A computer program product as defined in claim 10 in which the certificate generation module
further includes a certification request approval module configured to enable the computer to receive
operator input information comprising a certification request approval and generate the certificate
in response thereto.

15. A computer program product as defined in claim 9 in which information in a certification request
is in a predetermined format, the certificate generation module further including a certification
request verification module configured to enable said computer to determine whether the information
in the at least one certification request is in the predetermined format.

16. A computer program product as defined in claim 9 in which the computer is connected to retrieve
certification requests from a remote storage location, the certificate generation module further
including a communication control module configured to enable the computer to retrieve
certification requests from the remote storage location.


